0
此代码不会更改登录用户的密码,而会更改为0,然后不允许我重新登录。我了解md5不是最安全的,因为这不会仅仅是一个项目的活跃网站。不过,我接受有关替代方案的建议。我在db中有两个名为password和password2的字段,它们在更改密码后都需要更改。此外,错误消息不显示。数据库中的密码字段更改为0
<?php
session_start();
if (!isset($_SESSION["user_login"])) {
header("Location: sign_up.php");
} else {
$username = $_SESSION["user_login"];
}
include ("connect.php");
?>
<?php
//Variables
if(isset($_POST['change_pass_submit'])){
$oldpassword = $_POST['oldpassword'];
$newpassword1 = $_POST['newpassword1'];
$newpassword2 = $_POST['newpassword2'];
$pass_query = mysqli_query ($connect, "SELECT * FROM users WHERE email='$username'");
while ($row = mysqli_fetch_assoc($pass_query)) {
$existing_pass = $row ['password'];
//Checking if md5 encrypted password matches
$md5_oldpassword = md5($oldpassword);
//check if the old password and the old password entered now match
if ($md5_oldpassword == $existing_pass){
//check if the two new passwords match
if ($newpassword1 == $newpassword2) {
$md5_newpassword = md5($newpassword1);
$md5_newpassword2 = md5($newpassword2);
//Query to update the password
$password_update_query = mysqli_query($connect, "UPDATE users SET password='$md5_newpassword' AND password2='$md5_newpassword2' WHERE email='$username'");
echo "Your password has now changed!";
}
else{
echo "Your new password and re entered password does not match. Please try again.";
}
}
else {
echo "Your old password does not match. Please try again.";
}
}
}
?>
<div class="container">
<h3> Change your Password: </h3>
<form action="" method="POST" enctype="multipart/form-data">
<div class="form-group">
<label for="oldpassword">Old Password:</label>
<input type="oldpassword" class="form-control" name="oldpassword" placeholder="Enter old password" >
</div>
<div class="form-group">
<label for="newpassword1">New Password:</label>
<input type="newpassword1" class="form-control" name="newpassword1" placeholder="Enter new password" >
</div>
<div class="form-group">
<label for="newpassword2">New Password:</label>
<input type="newpassword2" class="form-control" name="newpassword2" placeholder="Re-Enter new password" >
</div>
<center>
<button type="submit" class="btn btn-primary" name="change_pass_submit" style=" background-color:#337AB7; color:white;">Change Password</button>
</center>
</form>
</div>
出于好奇,为什么你在表中存储相同的值*两次? – David
...为什么MD5?你有没有多次看过*“回到未来”? –
@David在用户注册时进行验证。 –